Need a Second Hand Opinion

Status
Not open for further replies.

TheJediSlayer

Hello,

Well, I need a second hand opinion, please, about what I should do and if anyone could please help me resolve this problem without having to reformat my computer. Yes, I realize that I haven't explained the problem, so here it is. Basically my friend went onto my computer, surfed the web, and managed to get a few trojans/adware onto my computer. Fortunately I found a good amount of the stuff and have removed it. However, as pointed out in the link below, I am told that my computer is not entirely "free" of bad stuff. So, I was hoping that someone in the Techspot community would be kind enough to give a few minutes of their time to review the link below and determine the best course of action, and if at all possible, avoid a reformat at all costs.

Thanks,

Tyler

Link:
http://www.maximumpc.com/forums/viewtopic.php?t=94279
 
Hello,

As per request, here are the logs.
 

Attachments

  • mbam-log-2009-06-08 (18-59-57).txt (851 bytes)
  • hijackthis.log (5.3 KB)
You may have some security conflicts. BitDefender, WOT, Haute Secure- so be aware of that. I don't see any malware in these 2 logs, but need the following for additional information:

Please run a full system scan with BitDefender AV. If anything is found, please attach log.

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Did you run Superantispyware initially? Was anything found?

Please attach logs from AV and Combofix report.
 
I recommend you tighten up your firewall rules. You have a lot of gaming going through and the Dyyno P2P Source Application "enables gamers to broadcast their games live to large audiences ... It combines instant messaging, a server browser, peer-to-peer file ..." From WOW

Don't be too generous with what you allow through. I can't clear you completely because some of your security was running when you scanned using Combofix:
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

Instructions for Combofix are:
Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
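The six product lines quoted above are the ones ComboFix prints at the top of its report, and they are how the helper saw that BitDefender, SUPERAntiSpyware and Windows Defender were still active. The following is an added example, not code from the thread or from ComboFix: it parses those header lines and lists every product still reported as enabled, so the check can be repeated on any ComboFix log before the report is posted. The sample text is the thread's own header lines, reused here as constructed input.

```python
import re
from dataclasses import dataclass

# Constructed sample: the product lines quoted in the thread, in the shape
# ComboFix prints them ("<kind>: <name> *<state>* [(Updated)] {<GUID>}").
SAMPLE_HEADER = """\
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
"""

# kind = AV (antivirus), FW (firewall) or SP (antispyware); state sits between asterisks.
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<state>[^*]+)\*"
    r".*?\{(?P<guid>[0-9A-Fa-f-]+)\}\s*$"
)


@dataclass(frozen=True)
class SecurityProduct:
    kind: str
    name: str
    state: str
    guid: str

    @property
    def enabled(self) -> bool:
        # "On-access scanning enabled" and "enabled" both count as active.
        s = self.state.lower()
        return "enabled" in s and "disabled" not in s


def parse_products(text: str) -> list[SecurityProduct]:
    """Collect the AV/FW/SP header lines; unrelated log lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(SecurityProduct(**m.groupdict()))
    return found


def still_enabled(text: str) -> list[str]:
    """Names of products the report says were active; should be empty for a clean run."""
    return [p.name for p in parse_products(text) if p.enabled]


if __name__ == "__main__":
    for name in still_enabled(SAMPLE_HEADER):
        print("still running during scan:", name)
```

A non-empty result means the scan ran with protection active, which is exactly the condition that kept the helper from clearing the machine.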
 
**UPDATE**

Turns out that I have a trojan on my computer that simply refuses to die. Trojan's process is PEV.exe. I've tried using SUPERAntiSpyware on it and it claims to remove it, but the trojan continues to appear every time I've done a scan. No other anti-tools detect the trojan in question. Need advice for permanently removing it.

Thanks,

Tyler
 
**UPDATE 2**

Log files with NO Anti-detection tools turned on.

I still, unfortunately, have the trojan with the known file type of pev.exe. Cannot seem to remove it, even after quarantining and removing it, then doing a system restart. Using SUPERAntiSpyware to get it.
 

Attachments

  • combo.txt (82.1 KB)
You should EDIT your post to add information, not give a new reply.

I'm going to see if kritius will take this over. Your second HijackThis log isn't complete and Combofix entries need to be removed. I should have had you start at the beginning here. Working between two-or more- forums is not the way to go!

Never do a System Restore when cleaning! You reinfect the system and undo everything that was done previously.
 
The hijack log is not incomplete. The reason why there are so few running processes, etc, is because I disabled all services/startup items in MSCONFIG. Here is another hijack log with all startup/services re-enabled.
 
You can't run a computer with everything disabled! I'll be back later this afternoon.

Please check back because I am going to reply as an Edit to this.
 
Hi,

Go to start and then run and type,

combofix /u

RSIT
Download random's system information tool (RSIT) by random/random from HERE and save it to your Desktop.

  • Double click on RSIT.exe to run.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt (will be maximized) and info.txt (will be minimized)
  • Please post the contents of both logs in the next reply.

Rooter.exe

Download Rooter.exe to your desktop.
  • Then double-click it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.
 
Here are the logs you requested. Thank you for your help so far, guys.

EDIT

Sorry, but for some reason, there seems to be a block on my ability to be able to upload a fourth file for combo. The combo file, though, is further up the post.
 
I'll look over this in the morning, it's late and I'm tired.

Also I was asking you to uninstall combofix, not run it.
 